[c-nsp] firewalling authenticated wireless traffic

Phil Mayers p.mayers at imperial.ac.uk
Wed Feb 10 08:10:54 EST 2010


On 10/02/10 12:52, scott owens wrote:
> Hello,
>
>     We offer wireless connectivity to about 500 to 1000 user/devices that
> authenticate with machine & domain credentials via WPA2.
> Currently we send this through a HA pair of ASA5520s where the rule for this
> traffic essentially is any->any := ok.
> Does anyone let this type of traffic directly into their core networks -
> perhaps still restricting other types of wlans with controllers or firewalls

We do exactly the same thing.

The main rationale is that we could drop in rules in a hurry during a 
mass outbreak such as Blaster or Slammer.

> My thought is that our wireless traffic is likely more secure than our plain
> wired networks - at this point without 802.1x on lan.

Indeed.

